Embodiments of the present disclosure generally relate to methods and devices to manage modifications of protected registers in implantable medical devices.
Implantable medical devices (IMDs) are configured to treat and/or monitor a variety of physiologic conditions. Non-limiting examples of IMDs include pacemakers, cardioverter defibrillators, cardiac rhythm therapy devices, neurostimulator devices, as well as various other implantable lead-based or leadless monitoring and/or therapy devices. An IMD operates based on various configuration settings that can programmed or otherwise set at the time of manufacture, at the time of implant and/or thereafter.
When designing an IMD, one goal is to build in safe-guards against un-intended modifications to operation of the IMD, including the settings in certain registers, such as configuration registers. Configuration and other low-level settings are generally stored in memory elements referred to as registers. Changes in the settings in certain registers can substantially change an operation or state of the IMD. When the low-level registers are re-programmed in an unintended manner, the IMD may not perform the intended function or may perform an un-intended function.
Un-intentional modifications to a configuration register may be caused by various different sources. For example, a modification may be caused by a “soft error” or a ‘hard fault”. A hard fault corresponds to a physical change in the structure of the electronics, such as a broken wire. A soft error may cause one or more bits in a configuration register to change state. In general, an IMD may recover from a soft error if the error condition is detected. Soft errors may be triggered by normal ambient radiation which directly causes a state change (or “bit flip”) in a latch, flip-flop, or memory cell. Optionally, the ambient radiation may not directly impinge upon the register, but instead may impact a component upstream of the register which in turn causes a downstream effect in which the register changes a state of one or more bits. Soft errors, while rare, do occur and can impact a system. Another source of un-intended modifications can be a software bug introduced either by accident or by malicious means in which an inadvertent write to a register or memory location can cause an undesired system impact.
It has been proposed to utilize a “redundant register” utility for certain registers that are expected to reliably hold a value for extended periods of time. The redundant register utility guards against both errant write operations and direct effects of radiation-induced single event upsets. However, the redundant register utility it is a costly resource solution as multiple addition logic components (e.g., flip-flops) are required to perform the check redundant operation.
In addition, it has been proposed to rely upon a simple parity check, whereby a single extra storage bit is added in connection with each register to be monitored. A state of the parity bit is managed to maintain a value that indicates whether a content of the registers is has a total number of odd or even “1”s (or “0” s). The use of a parity register provides some benefits. However, in many applications, a single parity bit is insufficient due to a vulnerability that a pair or an even number of bits in the register may change to incorrect states.